This article was produced for and sponsored by CenturyLink and Ciena.
When cyber thieves stole millions of government workers’ personal information by exploiting a weakness in the Office of Personnel Management (OPM) systems, the incident served as a wake-up call for agency CIOs and for the nation as a whole.
As the value of data – from consumer health and financial records to sensitive government and proprietary corporate information – continues to rise, so does the incentive for hackers to find new ways to exploit network vulnerabilities and gain access to this information.
Layered defenses, continuous monitoring and diagnostics, among other cybersecurity practices, are all crucial to network security, say experts like Steve Alexander, senior vice president and chief technology officer at Ciena. But with the risks of devastating data breaches increasing all the time for government and commercial enterprises, “the network has never been more important,” Alexander says.
Working for Ciena, a global supplier of telecommunications networking equipment, software and services, gives Alexander a big-picture view of the challenges. He notes how an attacker using a $500 device the size of an office stapler can clamp onto a fiber-optic cable, bend it just enough to leak a fraction of the light, and intercept a 10-gigabit-per-second stream without ever cutting the fiber.
“It’s like breaking into a bank and hauling away the entire vault, to work on later, only easier,” he says, because it involves just opening a manhole cover.
The risks, however, aren’t only about stealing data in transit. “Once you’re past the protective layers, you can potentially disrupt the data…or inject signals that corrupt the operation of the network,” creating a different kind of threat than the types that many agencies are guarding against.
Protecting your networks
Clearly, protecting your networks involves multiple layers of security, from hardened conduit with break-in alarms to sophisticated logical access controls. But it also demands tools that measure the amplitude, phase and polarization of light on the optical cable, among other indicators, so that fluctuations in those measurements can be flagged as anomalies on the network.
“If you have someone coming in and injecting light into the system, or there are unexpected power or signal fluctuations, you want the ability to pinpoint what the anomaly is and where it’s occurring,” says Alexander.
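The kind of physical-layer check Alexander describes can be sketched in code. The example below is an added illustration, not Ciena's or CenturyLink's software: it runs a robust baseline (median and median absolute deviation) over per-span received optical power readings and distinguishes a persistent drop in level, consistent with the insertion loss of a clamp-on tap, from a short spike, consistent with light being injected into the span. The span names, telemetry values, loss figure and thresholds are all constructed for the example.

```python
"""Added example: step/spike detection over optical receive-power telemetry.

Constructed sample data and thresholds; this is not vendor code. Real
monitoring would also track phase and state-of-polarization, which a
physical disturbance of the fiber changes before any data is lost.
"""
from dataclasses import dataclass
from statistics import median


@dataclass
class Anomaly:
    span: str       # which fiber span the event was seen on
    index: int      # sample offset at which it began
    kind: str       # "step" (persistent loss) or "spike" (transient)
    delta_db: float # deviation from the baseline level, in dB


# Constructed telemetry: received power in dBm, polled once per second.
# On "span-A" a persistent ~0.8 dB drop begins at sample 12 (an assumed figure
# for a bend-coupler tap), and a one-sample burst at sample 20 models
# unexpected light injected into the span. "span-B" is quiet.
SAMPLE_DBM = {
    "span-A": [
        -10.02, -10.01, -10.03, -9.99, -10.00, -10.02, -10.01, -9.98, -10.00, -10.02,
        -10.01, -10.00, -10.81, -10.79, -10.80, -10.82, -10.80, -10.79, -10.81, -10.80,
        -7.50, -10.81, -10.80, -10.79,
    ],
    "span-B": [
        -12.50, -12.51, -12.49, -12.50, -12.52, -12.50, -12.49, -12.51, -12.50, -12.50,
        -12.51, -12.49, -12.50, -12.50,
    ],
}


def baseline(samples, warmup):
    """Median and MAD of the first `warmup` samples: a baseline that a
    single outlier in the warm-up window cannot drag around."""
    head = samples[:warmup]
    med = median(head)
    mad = median(abs(x - med) for x in head) or 0.01  # floor: no zero-width band
    return med, mad


def detect_span(span, samples, warmup=10, k=6.0, persist=3):
    """Flag samples deviating more than k*MAD from the baseline level.

    A deviation that holds for at least `persist` consecutive samples in the
    same direction is reported as a step; a shorter one as a spike. After a
    step the new level becomes the baseline so later events are judged
    against it (the step itself still has to be investigated by a human).
    """
    med, mad = baseline(samples, warmup)
    thresh = k * mad
    found = []
    i = warmup
    while i < len(samples):
        delta = samples[i] - med
        if abs(delta) <= thresh:
            i += 1
            continue
        run = 0  # length of the same-direction excursion starting here
        while (i + run < len(samples)
               and abs(samples[i + run] - med) > thresh
               and (samples[i + run] - med) * delta > 0):
            run += 1
        if run >= persist:
            found.append(Anomaly(span, i, "step", round(delta, 2)))
            med = median(samples[i:i + run])  # re-baseline at the new level
        else:
            found.append(Anomaly(span, i, "spike", round(delta, 2)))
        i += run
    return found


def scan(telemetry):
    """Run the detector over every span; the span name is what lets an
    operator pinpoint where on the network the anomaly occurred."""
    return [a for span, samples in telemetry.items()
            for a in detect_span(span, samples)]


if __name__ == "__main__":
    for a in scan(SAMPLE_DBM):
        print(f"{a.span}: {a.kind} at sample {a.index}, {a.delta_db:+.2f} dB")
```

The thresholds here are deliberately simple. In practice the warm-up baseline would be taken from a span known to be clean, and a step in received power would be correlated with the optical time-domain reflectometer trace and the logical-layer view (loss, errors, rerouting events) before anyone dispatches a technician to a manhole.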
“You also need an intelligent network management system that can quickly respond to an anomaly or outage and reroute traffic to maintain continuity of service,” he says. Such a system depends on a software-defined network (SDN) environment, in which network elements exchange state with a controller and, more importantly, traffic can be redirected automatically across a mesh topology according to prescribed policy, in ways that statically configured networks often can’t.
It is also essential to work with service providers that take a holistic approach to security. Alexander points, for example, to Ciena’s work with CenturyLink, which has highly developed physical security and access controls for its facilities, dedicated information security teams, and sophisticated analysis tools and processes designed to identify new risks and monitor and respond to known security risks.
CenturyLink’s Tech Management and Network Operations teams, for instance, “ensure that all network elements (hardware, software, protocols and the connection medium) are rigorously tested and results evaluated prior to use in our networks,” says Cynthia Shelton, area vice president for special programs at CenturyLink. “Once network elements are deployed, our patch management, ongoing monitoring, and security test practices are key to maintaining a secure network.”
CenturyLink also uses an independent audit firm to perform a SOC 1 (SSAE 16) audit of its data center environments, and separate independent auditors to assess many of its information security programs, including its business continuity and disaster preparedness programs, according to Shelton. “As a part of our enterprise risk management program, CenturyLink maintains a centralized Cyber Incident Response Team (CIRT) process with specific criteria for identifying and responding to events in the operational environment, and for notifying its customers as appropriate,” she says.
Improving situational awareness
Minimizing risk to the service provider network involves real-time situational awareness of the threats against the network. Working together, Ciena and CenturyLink have created a network security strategy to enhance their situational awareness and proactively minimize risk. Creating an “always-up network” involves the ability to immediately deploy a new generation of network function virtualization (NFV) tools as a threat becomes known. Firewalls, encryption and deep packet inspection devices that historically were part of the fixed “plumbing” of networks are taking on new lives as virtual instances that can be quickly updated and modified to keep up with changing demands and attacks on the network.
“Ideally, we can download an encryption algorithm, like an app,” says Alexander. Similarly, “if we’re operating a network and see an anomaly, rather than find a packet sniffer, or something to plug in, I can just drop that app on my NFV desktop to see what’s going on,” he says.
Modern networks can also add another dimension for enterprises. “Imagine the world where you can sense things at the physical layer of the network, and correlate those events with what you see at the logical layer,” Alexander says.
For instance, if a scheduled video training event will create a temporary spike in bandwidth demand across the network, the SDN administrator can provision additional bandwidth for that time window or define an additional route to absorb the anticipated load. SDN also shows its value when an emergency (e.g. a FEMA response) creates a sudden traffic surge at a specific fiber node: traffic can be rerouted immediately, new routes provisioned quickly and mission traffic prioritized, so the agency mission is accomplished despite the temporary event.
“To a great extent, SDN allows you to provision a connection and more continuously orchestrate and control your network in real time. And with that comes the ability to monitor and diagnose continuously,” Alexander says.
Many of those monitoring and response processes can be, and need to be, automated, Alexander and Shelton say. CenturyLink’s network uses a defense-in-depth intrusion detection system (IDS), administered through its network operations group, according to Shelton. The system relies on “automated access controls on routers, servers, and other network elements, in accordance with CenturyLink’s information security policies and industry best practices,” she says.
Retrofitting legacy systems
While government agencies would like to modernize their networks, the reality is that resources are in short supply to upgrade legacy systems. However, Alexander insists that “the business case for rejuvenation is interesting. We’ve seen the power savings and (cooling savings from) reduced floor space that can justify the upgrade.” When you factor in the ability to support “eight server racks a kit, from one rack a kit, and taking the failures out, you realize what you’re spending to keep things going, it’s worth it.”
“The network today is more important than ever because it determines the experience of the end user,” he adds. “It relates to ‘Is it big enough to do what I need? Can I move my data where it needs to be? Does it have the availability we need? Is it robust enough if the power goes down?’ It’s a broad landscape,” he says, especially as enterprises increasingly depend on the cloud. “We have to solve capacity, availability and security to really utilize the cloud the way we need to.”
“[CenturyLink is] well down the path of SDN orchestration, and is one of the more vocal Tier 1 service providers arguing that ‘SDN is the path to the future,’” Alexander says. “Together we build the circulatory system, but you need the other services that enable the accomplishment of the mission,” he says.